# Privacy Policy

Widgetbook GmbH
Technologiepark 8
33100 Paderborn
Germany

VAT ID: DE352499885

Registered with: Local Court (Amtsgericht) Paderborn

Commercial Register Number: HRB 15814

Represented by: Jens Horstmann and Lucas Josefiak

Email: contact@widgetbook.io

---

## **2. Legal Basis for Processing**

The processing of personal data requires a legal basis, which we outline below.

Where the processing of personal data is based on the data subject’s consent, the legal basis is Article 6(1)(a) of the General Data Protection Regulation (GDPR).

Where the processing of personal data is necessary for the performance of a contract to which the data subject is a party, the legal basis is Article 6(1)(b) GDPR. This also applies to processing operations necessary to carry out pre-contractual measures.

Where the processing of personal data is necessary for compliance with a legal obligation to which our company is subject, the legal basis is Article 6(1)(c) GDPR.

Where processing is necessary for the purposes of a legitimate interest pursued by our company or a third party, and where such interests are not overridden by the interests or fundamental rights and freedoms of the data subject, the legal basis is Article 6(1)(f) GDPR. The legitimate interest of our company lies in the performance of our business operations and in the analysis, optimization, and security of our online offering.

---

## **3. Contractual Processing**

Personal data that you provide to us for contractual purposes (e.g. request for quotations) will be used exclusively internally, for the purpose of responding to your inquiries, processing your orders, or granting access to specific contractual information.

The data stored may include:

- Email address
- First and last name
- Profile picture
- Profession/Occupation/Job
- GitHub ID and username
- CI/CD provider

We will only use or disclose your data as described in this Privacy Policy.

---

## **4. Use of Data**

Widgetbook GmbH uses the collected data for the following purposes:

- To provide and maintain our service
- To notify you about changes to our service
- To enable you to participate in interactive features of our service, should you choose to do so
- To provide customer support
- To gather analysis or valuable information to improve our service
- To monitor the usage of our service
- To detect, prevent, and resolve technical issues
- To send you messages, special offers, and general information about goods, services, and events we offer that are similar to those you have already purchased or requested, unless you have opted out of receiving such information

---

## **5. Contact**

When contacting us via email or contact form, your information will be stored for the purpose of responding to your inquiry.

Personal data that you transmit to us through a contact request, an email, or direct business interaction may be processed and maintained by us using our Customer Relationship Management (CRM) system, namely HubSpot.

As a general rule, no data will be transferred to third parties unless permitted under applicable data protection law or if we are legally obligated to do so. You may withdraw your consent at any time with effect for the future. In case of withdrawal, your data will be deleted without delay unless statutory exceptions require continued processing. Otherwise, your data will be deleted once your inquiry has been addressed or the purpose of storage no longer applies and no other legal exceptions apply.

You may request information at any time regarding the personal data stored about you.

---

## **6. Cookies**

Our services use cookies. Cookies are small text files stored on your device that transmit certain information to the entity that sets the cookie. They serve to make our internet offering more user-friendly and efficient, and to facilitate navigation on our website.

This website uses the following types of cookies:

- Transient cookies (temporary use)
- Persistent cookies (time-limited use)

Transient cookies are automatically deleted when you close your browser. These include, in particular, session cookies. These store a randomly generated session ID that enables your browser’s requests to be assigned to the same session. This allows your device to be recognized upon return to our website.

Persistent cookies are automatically deleted after a predefined period, which can vary depending on the specific cookie.

You may, of course, use our website without accepting cookies. You can configure your browser settings as you wish, for example, to reject third-party cookies or all cookies, or to delete already stored cookies. Please note that if you choose not to accept cookies, our website may not function properly in certain areas.

To change your cookie preferences, please contact us at contact@widgetbook.io or use the button at the bottom of the website.

---

## **7. Registration**

Our website offers the possibility of user registration. The personal data entered during registration is transmitted to the controller and used exclusively for internal purposes. At the time of registration, the user’s IP address as well as the date and time of registration are stored to prevent misuse of our services.

Additionally, we store the email address, first and last name, and company name. This registration process is facilitated by the provider Clerk: https://clerk.com/legal/privacy

---

## **8. Our Presence on Social Media**

We maintain online presences on various social networks and platforms to communicate with active customers, prospects, and users, and to inform them about our services and company.

The processing of personal data of users on these platforms is based on our legitimate interest in communication and information exchange. Where user consent has been given on a specific platform, the processing is based on that consent.

When you visit one of our social media profiles, we and the operator of the platform are jointly responsible for the data processing activities triggered during your visit. You may exercise your rights (see section “Rights of the Data Subject”) both with us and with the platform operator.

Please note that despite the joint responsibility, we do not have full influence over the data processing carried out by the platform operator. We may need to forward your data subject request to the relevant provider. Our influence is limited to the provider’s corporate policies.

We have no influence over the data retention policies of platform providers. For more details, please refer to their respective privacy policies. Depending on the platform, user data may be processed outside the European Union. For U.S.-based companies, EU Standard Contractual Clauses have been agreed upon to ensure compliance with European data protection law.

In general, user data is processed by the platforms for market research and advertising purposes. Usage profiles may be created based on user behavior and interests. These profiles may be used to deliver targeted advertisements on and off the platforms. Cookies are typically stored on user devices to track usage behavior. These profiles may also include cross-device data, especially if the user is logged into the respective platform.

---

## **9. Disclosure of Data to Third Parties**

### **9.1 General and Contractual Purposes**

We disclose data to third parties where necessary for contract fulfillment, or if we are legally obliged or entitled to do so. All partners we work with state that they are GDPR-compliant.

### **9.2 Tools for the Economic Operation of the Website**

Within the scope of our legitimate interests in analysis, optimization, and the efficient operation of our online offering, we may use third-party service providers. This always requires that the third-party providers process users’ IP addresses, as they cannot display content otherwise. IP addresses are thus required for displaying such content.

Pseudonymized data may also be stored in cookies and may contain technical information similar to log files. The following is a list of our third-party providers. If we intend to use your data for any other purpose, we will inform you beforehand and only use your data with your explicit consent.

### **9.3 Third-Party Tools Mentioned in This Privacy Policy**

- **Neon:** For web applications. [**Privacy Policy**](https://neon.tech/privacy-policy)
- **Clerk:** For user management. [**Privacy Policy**](https://clerk.com/legal/privacy)
- **Vercel:** For development and hosting. [**Privacy Policy**](https://vercel.com/legal/privacy-policy)
- **AWS:** For cloud data storage. [**Privacy Policy**](https://aws.amazon.com/privacy/)
- **Google Cloud Platform:** For cloud data storage. [**Privacy Policy**](https://cloud.google.com/privacy)
- **Axiom:** For data analytics. [**Privacy Policy**](https://axiom.co/privacy)
- **Sentry:** For error monitoring. [**Privacy Policy**](https://sentry.io/privacy/)
- **Mixpanel:** For usage analytics. [**Privacy Policy**](https://mixpanel.com/legal/privacy-policy)
- **Mouseflow:** For user behavior analytics. [**Privacy Policy**](https://mouseflow.com/privacy)
- **HubSpot:** For CRM and marketing. [**Privacy Policy**](https://legal.hubspot.com/privacy-policy)
- **GitHub:** For code management. [**Privacy Policy**](https://docs.github.com/en/site-policy/privacy-policies/github-general-privacy-statement)
- **Stripe:** For payment processing. [**Privacy Policy**](https://stripe.com/privacy)

---

## **10. Rights of the Data Subject**

You have the right to obtain information about your personal data stored by us. Under statutory provisions, you also have the right to rectification of inaccurate data, restriction of processing, data portability, and erasure of your personal data. Please send such requests to contact@widgetbook.io with the subject “Data Protection”.

You also have the right to lodge a complaint with a supervisory authority if you believe the processing of your personal data infringes applicable data protection laws.

Where processing is based on your consent, you have the right to withdraw that consent at any time. The withdrawal does not affect the lawfulness of processing based on consent before its withdrawal.

You may also object at any time to the future processing of your personal data in accordance with legal requirements. In particular, you may object to processing for direct marketing purposes.

---

## **11. Retention Period of Personal Data**

Unless otherwise stated in the specific sections above, the following applies: We store personal data for the duration of the relevant statutory retention periods or as long as the purpose of the data collection exists.

After expiry of the retention period, data is routinely deleted unless it is still required for contract initiation or performance. Where data is not deleted because it is required for other and legally permissible purposes, its processing will be restricted as far as possible. In such cases, the data will be blocked and not processed for other purposes. This particularly applies to data required to be retained for commercial or tax law reasons.

---

## **12. Security Information**

The security of your data is important to us. However, please be aware that no method of transmission over the Internet or method of electronic storage is 100% secure.

We strive to use commercially acceptable means to protect your personal data but cannot guarantee absolute security.

We encrypt data both at rest and in transit. Transmission is protected using SSL/TLS encryption. Data at rest, including database backups, is also encrypted. Additionally, we implement access controls and Multi-Factor Authentication (MFA) to further secure access to data.
